Twitter deluged with tweets from scammers

Microblogging site Twitter has been flooded with bogus messages from scammers in recent days, most of them pushing fake anti-virus software.

Shady groups created masses of Twitter accounts and then mobilized last week to tweet thousands of messages containing links to fake anti-virus products. Twitter’s latest ‘trending topics’ were used by the scammers to make their messages appear to be about subjects that were generating the most interest. Other attacks copied other, genuine tweets, but added a link to their fake antivirus software at the end. Scammers have also been using DMs (direct messages) to contact Twitter users privately; an approach which may garner a better conversion rate, as users may trust links in direct messages more than publicly-broadcast microposts (a.k.a tweets). The direct messages include password-phishing links and adverts for ‘work at home’ scams, which recruited users to set up bank accounts, which could then be used for transferring the proceeds of fraudulent transactions.

Twitter hasn’t done anything wrong. This is simply another case where malicious attackers are using neutral technology as a means to their deceptive ends.

Twitter has an estimated 30 million users and continues to grow in popularity. This offers a potentially huge market for scammers, who have been using spam email, phoney websites, and social networks to part naive users from their cash for years now. Whilst Twitter is certainly not alone in facing the problem of malicious messages being carried on its service, its users are even more vulnerable due to the fact that tweets are limited to 140 characters, meaning that shortened URLs, (created using bit.ly, TinyURL, or a similar service), are routine. This makes it harder for users to know if they can trust the link.

To mitigate the risk of these kind of attacks, users, as ever, are recommended to keep their anti-virus software up to date and install all security patches for their OS and browser.